Security, Strategy, and the Commercial Enterprise

4. The opportunities of globalization must be measured against the risks. Companies will have to rethink their globalization strategies, not only because of the terrorist attacks, but in light of the mounting protests that began in Seattle and continued through Geneva, Davos, and Genoa. This is not to equate the protesters with the terrorists, but it is to accept that there is a palpable opposition in the East and West to the globalization regimens of many multinational companies. At the least, corporate leaders will have to be able to identify legitimate non-governmental organizations, distinguish genuine grievances from untenable demands, and adapt strategies and operations to the needs of increasingly diverse global constituencies. More importantly, corporate leaders should add to their companies’ mission the goal of spreading the benefits of openness — through education, training, and rising living standards — to the world’s dispossessed.

5. Cyber-security is also a life-and-death matter. Although lacking the direct human trauma of physical attacks and bio-terrorism, cyber-attack is a real and perilous vulnerability. Scenarios, such as one sponsored last year by the Department of Energy and the Utah Olympic Public Safety Command, demonstrate that terrorist attacks could be significantly worsened by cyber-assaults aimed at disrupting local power and telecommunications infrastructures. The dispersed character of the Internet does not protect against this threat. To the contrary, although the Internet was designed to be so redundant that it could survive a massive physical attack, because it treats everyone as a privileged insider, it is extremely vulnerable to cyber-attack. Witness the recurrent denial-of-service attacks and large-scale computer viruses. Individual companies can significantly reduce their vulnerability to cyber-attack; nets of companies can do more.

“Companies will need to conduct new forms of due diligence on would-be alliance partners. Existing alliances should reevaluate their linked physical, personnel, and cyber security processes.”

6. Strategic security is a joint public–private responsibility. Strategic security will require a new, negotiated balance between private companies and the public sector generally — cooperation that doesn’t always come naturally. Consider the disparate ways government agencies and the financial-services industry have treated breaches of computer networks. Law enforcement authorities have tended to treat hackers’ attacks as crimes, hence the secrecy of the evidence they obtain. Financial institutions, by contrast, want to understand their vulnerability and repair it, which mandates rapid access to the information that government — as well as other companies — acquires. With power grids, banking networks, industrial logistics systems, and telecommunications networks subject to disruption, mitigating the antagonisms and inefficiencies in the public–private relationship will be crucial in preserving citizen trust in the economic system. It will also save lives.

Foundations of ProsperityThe memory of the Second World War should be a balm in the months and years ahead. For lest our resolve in this latest global conflict wane, it’s important to remember that the measures taken to win World War II also were the foundation for the Western world’s post-war prosperity.

We can achieve even greater results today, but only if government leaders, citizens, and business executives recognize that we all play crucial roles. In Shanghai, President Bush put it best. “Pursuing both openness and security is difficult,” he said. “But it is necessary.”

AuthorsRalph Shrader, [email protected]Ralph Shrader is the chairman and chief executive officer of Booz Allen Hamilton, the international strategy and technology consulting firm.Mike McConnell, [email protected]Mike McConnell is a vice president with Booz Allen Hamilton and the former director of the National Security Agency.

Articles published in strategy+business do not necessarily represent the views of PwC Strategy& Inc. or any other member firm of the PwC network. Reviews and mentions of publications, products, or services do not constitute endorsement or recommendation for purchase.